(The latest windows agent is available on RSA LINK web site
The right approach is to disable the DA_SVC by using the registry. Stopping the DA_SVC without registry key isolation causes more problems than it fixes.
From Start, type regedit to open the Registry Editor.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Disconnected Authentication\.
Delete the InstallDir registry string.
AAWIN-2180 (Lac Agent 22.214.171.124 - RDP timeout timeout issue and login issue) addressed this issue and was closed in 2015.
If one only needs to retrieve the password from the server as the user logs in, then one does not need the Offline Authentication Service. (AceGetLoginPW() retrieves the password from the sSUSER structure's loginPW member). However, if one also needs to support updating the password on the RSA Authentication Manager server, then one needs to communicate with the Offline Authentication Service (AceSetLoginPW() invokes AceDASetLoginPW() to set the password through the Offline Authentication Service).